Security research

SonicWall SSL-VPN remote command execution vulnerability

0x00   Vulnerability number

Not yet assigned

0x01   Hazard level


0x02   Vulnerability overview

The SonicWall SSL-VPN product runs a very old Linux kernel and an HTTP CGI executable that does not correctly parse HTTP headers when processing requests. This flaw leads to command injection, which allows remote attackers to gain control privileges.

0x03   Affected versions

Sonic SMA <

0x04   Repair suggestions

Users are advised to update to the secure version promptly:

0x05   Exp verification

